Mandatory Notifiable Data Breaches Scheme

On Thursday 22nd February 2018, new notifiable data breach laws come into effect. The following information covers the new scheme, how it impacts your business, what you can do to prevent breaches, and what to do if a breach has occurred.

What is the Notifiable Data Breaches scheme (NDB)?

An ‘eligible data breach’, which triggers notification obligations, is a data breach that is likely to result in serious harm to any of the individuals to whom the information relates.

A data breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.

Which data breaches require notification?

The NDB scheme introduced an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. This notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches.

Examples of a data breach include:

  • a device containing customers’ personal information is lost or stolen (e.g. a laptop, mobile phone/iPad, external hard drive or USB drive)
  • a database containing personal information is hacked or accessed by an unauthorised person
  • any unauthorised (internal or external) access to customer data and information
  • personal information is mistakenly provided to the wrong person

What can you do to help prevent data breaches?

While (Business Name) carries out many measures to prevent data breaches, individuals can assist in keeping personal information secure by following the guidelines below:

  • Do not copy customers’ personal data to computers, laptops or mobile devices (phones, USB drives)
  • Do not email customers’ personal details to third parties
  • Have a secure password for your login
  • Do not have passwords written down
  • Lock your computer when you walk away from it
  • Do not use online storage (DropBox, OneDrive) for personal information storage
  • Ensure all devices have password protection enabled (iPhones and USB drives in particular)
  • Be aware of ‘Phishing’ scams requesting information

What to do if a breach has occurred or you suspect a breach has occurred?

If you suspect a data breach may have occurred, your first course of action is to contact the IT Manager to discuss. Please be prepared to provide as much information as possible regarding the breach to assist with assessing the impact and allow us to determine if it is a notifiable event.

Should you have any further questions about the scheme, please do not hesitate to contact ABT at 9878 7111.

 

Resource: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme